bpftrace
bpftrace copied to clipboard
ajor
High-level tracing language for Linux eBPF - development moved to https://github.com/iovisor/bpftrace
floats
Ticket to suggest adding floats (doubles). Eg, this should work: ``` # bpftrace -e 'kprobe:sys_nanosleep { printf("%.2f: sleep by %d\n", nsecs / 1000000000, tid); }' printf: Too many arguments for...
Variables keyed by thread ID will commonly used, and maybe this should be a new data type. Eg, the ```@start[tid]``` in this example: ``` kprobe:sys_read { @start[tid] = nsecs; }...
Would have helped to avoid this bug 641f637396c0da4e55a98dc44040de146a1f8c60 I think I disabled them in the first place because of large numbers of warnings caused by the LLVM headers and GTest,...
New option added to libbcc Possibly something like: `kprobe:sys_open+8 { ... }`
Something like this should work: ``` bpftrace -e 'kprobe:sys_nanosleep { printf("secs: %d\n", arg0->tv_nsec); } ``` or ``` bpftrace -e 'kprobe:sys_nanosleep { printf("secs: %d\n", ((struct timespec *)arg0)->tv_nsec); }' ```
Hi, Is there any support for scalar arrays? For example, how to access ```char *argv[]``` of the ```execve(2)```? Thanks.
I created this document a while ago when I was evaluating bpftrace, and realized that it may make a useful addition (after cleaning it up a bit more): eg, as...
Could return the caller address. Useful for frequency counting on which function called malloc(), etc, when you don't want the entire stack. Might come out of #12 naturally.